Fault Tolerant Apparatus and Method for Elliptic Curve Cryptography

1. A processor comprising: one or more cores to execute instructions and process data; and fault attack logic to ensure that the execution of the instructions and processing of the data is not vulnerable to memory safe-error attacks by hiding any correlation between processor behavior and secret bits in a secret key, wherein the secret key comprises a secret key [d] based on an elliptic curve defined by Q=[d]P where Q and P are two points on the elliptic curve and [d] is an integer; wherein the fault attack logic is to hide any correlation between processor behavior and secret bits in the secret key by performing register write operations for updating registers for Q 0 and Q 1 concurrently, on a common clock edge to restore both PA and PD results.

2. The processor as in claim 1 wherein hiding comprises operations of: performing a plurality of point addition (PA) operations adding multiple values for Q where Q=[d]P and Q and P are two points on an elliptic curve and d is the secret key.

3. The processor as in claim 2 wherein the PA operations comprise Q −dj =Q 0 +Q 1 , where d j comprises a secret bit of the secret key and −d j comprises an inverse of d j .

4. The processor as in claim 2 wherein hiding further comprises operations of: performing a point doubling (PD) operation by multiplying multiple values for Q.

5. The processor as in claim 4 wherein the PD operation comprises Q dj =2Q dj where d j comprises a secret bit of the secret key.

6. A method comprising: executing instructions and processing data on a processor having one or more cores; and detecting that a fault is injected into the processor; and ensuring that the execution of the instructions and processing of the data is not vulnerable to memory safe-error attacks by hiding any correlation between processor behavior and secret bits in a secret key, wherein the secret key comprises a secret key [d] based on an elliptic curve defined by Q=[d]P where Q and P are two points on the elliptic curve and [d] is an integer; wherein the fault attack logic is to hide any correlation between processor behavior and secret bits in the secret key by performing register write operations for updating registers for Q 0 and Q 1 concurrently, on a common clock edge to restore both PA and PD results.

7. The method as in claim 6 wherein hiding comprises: performing a plurality of point addition (PA) operations adding multiple values for Q where Q=[d]P and Q and P are two points on an elliptic curve and d is the secret key.

8. The method as in claim 7 wherein the PA operations comprise Q −dj =Q 0 +Q 1 , where d j comprises a secret bit of the secret key and −d j comprises an inverse of d j .

9. The method as in claim 7 wherein hiding further comprises: performing point doubling (PD) operation by multiplying multiple values for Q.

10. The method as in claim 9 wherein the PD operation comprises Q dj =2Q dj where d j comprises a secret bit of the secret key.

11. The method as in claim 6 wherein the secret key comprises a secret key based on an elliptic curve defined by Q=[d]P where Q and P are two points on an elliptic curve and d is an integer.

12. A system comprising: a memory subsystem comprising a cache hierarchy and a system memory to store instructions and data; one or more cores to execute the instructions and process data; and fault attack logic to ensure that the execution of the instructions and processing of the data is not vulnerable to memory safe-error attacks by hiding any correlation between processor behavior and secret bits in a secret key, wherein the secret key comprises a secret key [d] based on an elliptic curve defined by Q=[d]P where Q and P are two points on the elliptic curve and [d] is an integer; wherein the fault attack logic is to hide any correlation between processor behavior and secret bits in the secret key by performing register write operations for updating registers for Q 0 and Q 1 concurrently, on a common clock edge to restore both PA and PD results.

13. The system as in claim 12 wherein hiding comprises operations of: performing a plurality of point addition (PA) operations adding multiple values for Q where Q=[d]P and Q and P are two points on an elliptic curve and d is the secret key.

14. The system as in claim 13 wherein the PA operations comprise Q −dj =Q 0 +Q 1 , where d j comprises a secret bit of the secret key and −d j comprises an inverse of d j .

15. The system as in claim 13 wherein hiding further comprises the operations of: performing point doubling (PD) operation by multiplying multiple values for Q.